[Openid-specs-digital-credentials-protocols] Notes for DCP WG Call on 11 February
Regenscheid, Andrew R. (Fed)
andrew.regenscheid at nist.gov
Tue Feb 11 21:37:55 UTC 2025
# DCP WG Meeting Notes- 11 February, 2025
## Attendees:
- Torsten Lodderstedt
- Gail Hodges
- Joseph Heenan
- Kristina Yasuda
- Andy Regenscheid
- Bjorn Hjelm
- David Zeuthen
- Andres Olave
- Brian Campbell
- Christian Bormann
- Daniel Fett
- George Fletcher
- Hicham Lozi
- Lee Campbell
- Lukasz Jaromin
- Michael Jones
- Rajvardhan Deshmukh
- Ryan Galluzzo
- Steve Venema
## Agenda Items
### Events/External orgs
- ISO WG 4 in Nagasaki- Bjorn Hjelm to provide an update
- Upcoming DCP WG Hybrid Meeting- About 25 people in-person
### Public Review Period for Proposed Implementer’s Draft of OpenID4VC HAIP:
- https://openid.net/public-review-period-for-proposed-implementers-draft-openid4vc-haip/
### Update from ISO SC17 WG4 mtg in Nagasaki last week
- The WG4 meeting covered ISO/IEC 23220-2 (Ed. 2 comment resolution), -5 (Ed. 1 Working Draft review), and -7 (New Project comments).
- Other parts of 23220 series of interest to DCP WG but not discussed during the meeting:
- ISO/IEC TS 23220-3: CD (Committee Draft) ballot (Ed. 1) open until Feb. 18.
- ISO/IEC TS 23220-4: Clean (Ed. 1) DTS (Draft Technical Standard) text submitted to ISO Editor.
- During the OIDF Liaison report, there was a brief discussion about how the technical development in DCP WG should be included in the ISO/IEC TS 23220 that may require further discussions between the organizations.
- Hicham (Lozi) also participated in the WG4 meeting and may have additional feedback and/or comments.
- Significant discussions on how the ISO WG will take contributions/work from the DCP WG. Additional discussions will be needed between WG4 and OIDF on how HAIP will be incorporated, and more generally how to engage WG4 and WG10.
- DCP/OIDF needs to sync offline to provide comments on the ISO/IEC TS 23220-3 committee draft.
### PRs under review
* Deprecate proof parameter
- https://github.com/openid/OpenID4VCI/pull/453
- Breaking change: Removes the proof parameter in favor of always using proofs
- No objections noted on call, but more reviews needed.
* Returning multiple presentations
- https://github.com/openid/OpenID4VP/pull/398
- Changes the return structure to be an array
- This could be a breaking change.
- Discussed whether the structure should always be an array or only if there are multiple items.
- General agreement that it should always be an array, which would be a breaking change.
- More review needed
* DCQL: express desired credential issuers
- https://github.com/openid/OpenID4VP/pull/393
- Allows RP to describe what kind of credential issuers it would accept.
- Questions for the working group:
1. Remove/Keep x5t (X.509 thumbprint): Main Question is if we can assume that every X.509 based PKI uses/requires the Authority Key Identifier element
2. Remove/Keep VICAL (trust framework for ISO mdoc/mdl): Feedback from the ISO working group seems to be that matching based on AKI would be sufficient.
3. OpenID Federation: Should we simplify things and initially only care about express matching of Trust Anchors? We can still extend this later on if necessary
- General agreement on removing the vical option until there’s a spec for it pointing to the current VICAL.
- General agreement to also drop X.509 fingerprint option
- May split OpenID Federation into a separate PR to allow the rest to move forward if we can’t resolve the open questions/discussion items in the PR.
* Non-controversial PRs that just need some other reviewers to merge:
- https://github.com/openid/OpenID4VP/pull/419
- https://github.com/openid/OpenID4VCI/pull/452
- https://github.com/openid/OpenID4VCI/pull/449
- https://github.com/openid/OpenID4VCI/pull/439
- https://github.com/openid/OpenID4VCI/pull/441
- https://github.com/openid/oid4vc-haip/pull/85/
- https://github.com/openid/OpenID4VP/pull/380
### Issues under discussion
* Same credential fulfilling multiple credential queries
- https://github.com/openid/OpenID4VP/issues/397
- Different options identified in the comments. Some breaking changes.
- For now: 3 votes for do nothing, 2 votes for option 2.5B, 1 vote for option 3.
- Continue to vote on the issue so the WG can choose a path.
* Define expected response if claims and claim_sets is omitted in DCQL
- https://github.com/openid/OpenID4VP/issues/304
- Review pull request at https://github.com/openid/OpenID4VP/pull/424
### Continue ISO-related OID4VP / HAIP topics
* Support for RP auth with X.509 certs without a dns name
- https://github.com/openid/OpenID4VP/issues/320
- Question: Why is x509_san_uri client_id scheme not good enough?
- The concern is that the certificates might not have a DNS name/URI, particularly in situations where an RP is using the same credentials for physical and online use cases.
- General agreement to solve this problem by adding an X.509 fingerprint client_id scheme, which would seem to accommodate this case. Martijm to create the PR.
### Other issues:
* Multi RP request
- Discuss "If the RP sends a request with multiple client identifiers for one or more mdocs, how is it supposed to figure out which client identifier to use for checking the session transcript in the respective device response?"
- https://github.com/openid/OpenID4VP/pull/308
- What to use as the client_id for the session transcript
- Some proposals are provided in the PR.
- Discuss this further in the PR and on WG call next Tuesday.
### Other issues on the agenda but not discussed
* Clarify the wallet behavior if the signature can't be verified
- https://github.com/openid/OpenID4VP/issues/395
* make consistent the use of prefixes in the client_id scheme
- https://github.com/openid/OpenID4VP/pull/401
From: Openid-specs-digital-credentials-protocols <openid-specs-digital-credentials-protocols-bounces at lists.openid.net> on behalf of Kristina Yasuda via Openid-specs-digital-credentials-protocols <openid-specs-digital-credentials-protocols at lists.openid.net>
Date: Monday, February 10, 2025 at 5:10 PM
To: Digital Credentials Protocols List <openid-specs-digital-credentials-protocols at lists.openid.net>
Cc: Kristina Yasuda <yasudakristina at gmail.com>
Subject: [Openid-specs-digital-credentials-protocols] [agenda] DCP WG call
Hi all,
Below is the suggested agenda for today's DCP WG call. Next week, OIDF Liaisons will be preparing a document for the ISO meeting in the beginning of March.
1. OIDF Antitrust Policy at www.openid.net/antitrust applies / IPR reminder
2. Note-taking
3. Events/External orgs
4. Public Review Period for Proposed Implementer’s Draft of OpenID4VC High Assurance Interoperability Profile has started: https://openid.net/public-review-period-for-proposed-implementers-draft-openid4vc-haip/
5. Update from ISO SC17 WG4 mtg in Nagasaki last week
6. PRs that need review, will be merged once 3-4 approvals are in, without another WG discussion, unless something unexpected comes up
* breaking change: https://github.com/openid/OpenID4VCI/pull/453
* noteworthy addition:
* https://github.com/openid/OpenID4VP/pull/398
* https://github.com/openid/OpenID4VP/pull/393
* smaller PRs:
* https://github.com/openid/OpenID4VP/pull/419
* https://github.com/openid/OpenID4VCI/pull/452
* https://github.com/openid/OpenID4VCI/pull/449
* https://github.com/openid/OpenID4VCI/pull/439
* https://github.com/openid/OpenID4VCI/pull/441
* https://github.com/openid/oid4vc-haip/pull/85/
* https://github.com/openid/OpenID4VP/pull/380
7. Please continue the discussion in the comments
* "Clarify the wallet behavior if the signature can't be verified" https://github.com/openid/OpenID4VP/issues/395
* multi RP request: discuss "If the RP sends a request with multiple client identifiers for one or more mdocs, how is it supposed to figure out which client identifier to use for checking the session transcript in the respective device response?": https://github.com/openid/OpenID4VP/pull/308
* [please vote for the options] agree on the path forward for "same credential fulfilling multiple credential queries": https://github.com/openid/OpenID4VP/issues/397
* [labelled ready for PR]: Define expected response if claims and claim_sets is omitted in DCQL: https://github.com/openid/OpenID4VP/issues/304
8. Continue ISO-related OID4VP / HAIP topics:
* Support for RP authentication with X.509 certificates that do not contain a dns name: https://github.com/openid/OpenID4VP/issues/320
9. other issues that have been asked to be put on the agenda
* make consistent the use of prefixes in the client_id scheme https://github.com/openid/OpenID4VP/pull/401
Please review priority PRs for OpenID4VP: https://github.com/openid/OpenID4VP/pulls?q=is%3Aopen+is%3Apr+milestone%3A%22Final+1.0%22
* we should also resume discussion on this PR, since it is an EUDIW requirement: https://github.com/openid/OpenID4VP/pull/318
Please review priority issues for OpenID4VP 1.0 that do not have a resolution yet: https://github.com/openid/OpenID4VP/issues?q=is%3Aissue%20state%3Aopen%20milestone%3A%22Final%201.0%22%20-label%3Ahas-PR%20-label%3Aready-for-PR%20
Please volunteer to do PRs for the ready-for-PR labelled Issues in OpenID4VP / OpenID4VCI / HAIP repos.
Thank you!
Kristina